论文信息 - Modified Parameter Attacks: Practical Attacks against CCA2 Secure Cryptosystems and Countermeasures

Modified Parameter Attacks: Practical Attacks against CCA2 Secure Cryptosystems and Countermeasures

We introduce the concept of Modified Parameter Attacks, a natural extension of the idea of Adapative Chosen Ciphertext Attacks (CCA2) under which some CCA2 secure systems can be shown to be insecure. These insecurities can be addressed at the application level, but can also be addressed when cryptographic schemes are being designed. We survey some existing CCA2 secure systems which are vulnerable to this attack and suggest practical countermeasures.

William Whyte | Nick Howgrave-Graham | Joseph H. Silverman | Ari Singer

[1] David Pointcheval,et al. REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform , 2001, CT-RSA.

[2] Daniel R. Simon,et al. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[3] Dan Boneh,et al. Simplified OAEP for the RSA and Rabin Functions , 2001, CRYPTO.

[4] Mihir Bellare,et al. Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[5] Bruce Schneier,et al. Protocol Interactions and the Chosen Protocol Attack , 1997, Security Protocols Workshop.

[6] Victor Shoup,et al. OAEP Reconsidered , 2001, CRYPTO.

[7] Bruce Schneier,et al. Analysis of the SSL 3.0 protocol , 1996 .

[8] James Manger,et al. A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0 , 2001, CRYPTO.

[9] Tatsuaki Okamoto,et al. How to Enhance the Security of Public-Key Encryption at Minimum Cost , 1999, Public Key Cryptography.

[10] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[11] Serge Vaudenay,et al. Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS , 2002, EUROCRYPT.

[12] Victor Shoup,et al. A Proposal for an ISO Standard for Public Key Encryption , 2001, IACR Cryptol. ePrint Arch..

[13] Benny Pinkas,et al. Combining Public Key Cryptosystems , 2001 .

[14] Jacques Stern,et al. RSA-OAEP Is Secure under the RSA Assumption , 2001, Journal of Cryptology.